惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
P
Privacy International News Feed
Security Latest
Security Latest
H
Hacker News: Front Page
T
Tenable Blog
The Hacker News
The Hacker News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Security @ Cisco Blogs
Project Zero
Project Zero
O
OpenAI News
AI
AI
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
The Last Watchdog
The Last Watchdog
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
NISL@THU
NISL@THU
A
Arctic Wolf
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
N
News and Events Feed by Topic
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Google Online Security Blog
Google Online Security Blog
罗磊的独立博客
L
LINUX DO - 最新话题
U
Unit 42
S
Security Affairs
有赞技术团队
有赞技术团队
WordPress大学
WordPress大学
博客园 - 【当耐特】
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
月光博客
月光博客
Engineering at Meta
Engineering at Meta
腾讯CDC
F
Full Disclosure
Cyberwarzone
Cyberwarzone
S
SegmentFault 最新的问题
Recorded Future
Recorded Future
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
The Cloudflare Blog

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
The Identity Crisis Your Security Team Didn't See Coming
Darren Gucci · 2026-05-20 · via Forbes - Innovation

Darren Guccione, CEO and cofounder, Keeper Security.

getty

​For decades, identity security meant one thing: protecting the humans who access your systems. You issued credentials, enforced passwords, deployed multifactor authentication and moved on.

That model made sense when the identities you were managing were tied to a real person.​

That world no longer exists.​ AI has redefined what an identity is, and most enterprises are nowhere near catching up.

AI agents don’t wait for instructions from a human to act. Rather, they operate autonomously and around the clock to execute transactions, access sensitive systems or interact with external applications.

Every agent requires credentials and access rights to function. Where a large organization might manage tens of thousands of human identities, the number of non-human identities (NHIs) can scale far beyond and outnumber the human workforce across an enterprise ecosystem.​

At RSAC 2026, Cisco President and Chief Product Officer Jeetu Patel said it frankly: When identities operate at machine speed, traditional security models break. AI agents require a new model for establishing trust, not just a retooled version of the old model.​

The Scale Problem Is The Easy Part​

The harder problem is behavioral. NHIs act nothing like human identities, and organizations that govern them the same way are creating exposure they may not recognize until it's too late.

Human accounts have a person behind them, someone who can be questioned, suspended or fired. NHIs, on the other hand, are frequently created on demand by developers or automated processes, with no centralized oversight and no clear owner.

They also don't map onto legacy privileged access management models designed around human behavior. For example, an employee logging in to an unusual system at 3:00 a.m. triggers alerts, while an AI agent doing the same thing looks routine—until it becomes a breach.​

The risk is not hypothetical. When AI agent social network Moltbook launched, a misconfigured database exposed roughly 1.5 million API authentication tokens within days. Researchers from Wiz found that anyone with those tokens could impersonate or take control of agents that had access to internal systems like Slack and email.

In many enterprise environments, machines and NHIs already outnumber human users 92-to-1, according to my company's survey of 109 cybersecurity professionals conducted on-site at RSA Conference 2026. That's 92 entry points for every one that requires compromising a human.​

The broader industry is struggling to keep pace. The same survey found that only 28% of organizations have full visibility into NHIs across cloud, on-premises and SaaS environments. More than 40% had already experienced a security incident involving non-human identities or credentials in the past year. Another 32% weren't sure whether one had occurred—a detection gap that is itself a problem.​

These are solvable problems, but most aren’t solving them fast enough. Security governance for NHIs needs to move faster, because AI deployment certainly isn't slowing down.​

Where To Start​

Most security teams know they have an NHI problem. Fewer know where to begin solving it.

The answer starts with visibility: Get a full accounting of your NHIs. Most organizations have a surprisingly poor picture of how many exist, who created them and what they can access. Without this visibility, everything else is just guesswork.​

Once you have visibility, the next step is to apply least-privilege access to NHIs with more discipline than you would normally apply to humans. AI agents accumulate permissions over time, often far beyond what any single task requires. Reducing that footprint and automating enforcement will limit the damage when something goes wrong.​

Move away from standing permissions toward a least-privilege model with just-in-time access. Agents shouldn't hold 24/7 access to systems they use occasionally any more than employees should. Dynamic, task-specific access is harder to exploit and easier to audit.​

Finally, track down dormant identities. Abandoned service accounts and unused API keys don't disappear but sit quietly with whatever access they were originally granted. These "zombie" identities represent risk with zero operational value. Decommissioning them needs to be a standard practice, not a once-a-year cleanup project.​

Conclusion ​

NHI security is not an IT hygiene issue. It sits at the intersection of data security, regulatory compliance and operational risk. Every AI agent your organization deploys is an identity with access to real systems.

The identity perimeter has already expanded beyond what most organizations are prepared to govern. The question is no longer whether to build a framework for NHIs. It's whether your organization will do it before or after a breach forces the issue.​


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?